Mailing List Archive: Zope: CMF

View permissions not triggering

Index | Next | Previous | View Threaded

charlie.clark at clark-consulting

Jun 26, 2010, 6:15 AM

Post #1 of 5 (525 views)
Permalink

View permissions not triggering

Hi,

I'm working on a view for "logged_in". I thought I could simply replace
the current check for an anonymous by a view permission such as
"cmf.AddPortalContent" but no matter what I set the view remains callable
by a non-authenticated user. Are the permissions being ignored or have I
got the wrong end of the stick?

Charlie
--
Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
_______________________________________________
Zope-CMF maillist - Zope-CMF [at] zope
https://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

y.2010 at wcm-solutions

Jun 26, 2010, 7:03 AM

Post #2 of 5 (524 views)
Permalink

Re: View permissions not triggering [In reply to]

Hi!

Charlie Clark wrote:
> I'm working on a view for "logged_in". I thought I could simply replace
> the current check for an anonymous

Which "current check" do you mean? Right now there is no logged_in view
so there is no permission check for a logged_in view.

> by a view permission such as
> "cmf.AddPortalContent" but no matter what I set the view remains callable
> by a non-authenticated user. Are the permissions being ignored or have I
> got the wrong end of the stick?

In case you are modifying the permission for the logged_in *action*
you've got the wrong end.

Cheers,

Yuppie
_______________________________________________
Zope-CMF maillist - Zope-CMF [at] zope
https://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

charlie.clark at clark-consulting

Jun 26, 2010, 7:08 AM

Post #3 of 5 (518 views)
Permalink

Re: View permissions not triggering [In reply to]

Am 26.06.2010, 16:03 Uhr, schrieb yuppie <y.2010 [at] wcm-solutions>:

Hiya yuppie,

I guess it's only appropriate that you replied to this.

> Which "current check" do you mean? Right now there is no logged_in view
> so there is no permission check for a logged_in view.

In the PythonScript logged_in.py the following check is performed:

isAnon = mtool.isAnonymousUser()
if isAnon:
context.REQUEST.RESPONSE.expireCookie('__ac', path='/')
options['is_anon'] = True
options['title'] = _(u'Login failure')
options['admin_email'] = ptool.getProperty('email_from_address')

>> by a view permission such as
>> "cmf.AddPortalContent" but no matter what I set the view remains
>> callable
>> by a non-authenticated user. Are the permissions being ignored or have I
>> got the wrong end of the stick?

> In case you are modifying the permission for the logged_in *action*
> you've got the wrong end.

No, I mean the permission set in the zcml view registration. As previously
discussed, I don't think "logged_in" and "logged_out" should be portal
actions as they are states.

Charlie
--
Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
_______________________________________________
Zope-CMF maillist - Zope-CMF [at] zope
https://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

hanno at hannosch

Jun 26, 2010, 7:57 AM

Post #4 of 5 (521 views)
Permalink

Re: View permissions not triggering [In reply to]

On Sat, Jun 26, 2010 at 4:08 PM, Charlie Clark
<charlie.clark [at] clark-consulting> wrote:
> No, I mean the permission set in the zcml view registration. As previously
> discussed, I don't think "logged_in" and "logged_out" should be portal
> actions as they are states.

What exact zcml registration do you use? A browser:page or a
browser:view directive?

Browser pages should handle permissions just fine. Browser views don't
support the permission attribute in Zope2 / Five. This feature has
just never been implemented. See
https://bugs.launchpad.net/zope2/+bug/578326 for a recent report.

Hanno
_______________________________________________
Zope-CMF maillist - Zope-CMF [at] zope
https://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

charlie.clark at clark-consulting

Jun 26, 2010, 8:00 AM

Post #5 of 5 (518 views)
Permalink

Re: View permissions not triggering [In reply to]

Am 26.06.2010, 16:57 Uhr, schrieb Hanno Schlichting <hanno [at] hannosch>:

> What exact zcml registration do you use? A browser:page or a
> browser:view directive?
> Browser pages should handle permissions just fine. Browser views don't
> support the permission attribute in Zope2 / Five. This feature has
> just never been implemented. See
> https://bugs.launchpad.net/zope2/+bug/578326 for a recent report.

Hi Hanno,

It's a browser page:

<browser:page
for="Products.CMFCore.interfaces.ISiteRoot"
layer="Products.CMFDefault.interfaces.ICMFDefaultSkin"
name="logged_in.html"
class=".authentication.LoggedIn"
permission="cmf.ListPortalMembers"
/>

I've tried various permissions - just need one the lowest level that
members have but no dice.

FWIW this is on trunk.

Charlie
--
Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
_______________________________________________
Zope-CMF maillist - Zope-CMF [at] zope
https://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads